Fortinet - FortiOS - Block all MSN Messenger users except on allow list

Overview

This blog post will guide you through how to enable IM filtering for MSN Messenger.

OS Version

FortiOS: v4.3.9

Steps to Follow


You will perform the following:

a. Create an Application Sensor
b. Create a New Filter For This Sensor
c. Attach Application Sensor to an Outbound Policy
d. Deny All MSN Login Events in the CLI
e. Create Deny and or allow list for MSN users


a. Create an Application Sensor

1) Step1 above is to click on UTM Profiles
2) Step2 above is to click on Application Sensor
3) Step3 above is to click on the + sign to create a new Application Sensor

1) Step1 above is to have you enter the name of this Application Sensor.

b. Create a Filter For This Sensor

1) Step1 above is verify that you have your application sensor selected. The name of the sensor should be listed in this field. You would click on Step1b and select your sensor if it is not displayed in Step1

2) Step2 above is to click on “Create New” to create the filter

1) Step1 above is to click “Application”

2) Step2 above is to enter the MSN.Messenger filter name.

3) Step3 above is to make sure “Block File Transfers” is checked

4) Step4 above is to make sure “Block Audio ” is checked

c. Attach Application sensor to an outbound policy

1) Step1 above is to click “Policy”

2) Step2 above is to click “Policy”

3) Step3 above is to edit your outbound policy as in the above example

1) Step1 above is to click “Enable UTM” on this policy

2) Step2 above is to enable Application Control

3) Step3 above is to select the Application Sensor created earlier

d. Deny All MSN Login Events in the CLI

1) Step1 above is to type “config im2p policy”

2) Step2 above is to type “set msn deny”

3) Step3 above is to type “end”

e. Create Deny and or allow list for MSN users

1) Step1 above is to type “config imp2p msn-user”

2) Step2 above is to type “edit testemail@hotmail.com”. The email address is the only you want to

allow and or deny

3) Step3 above is to type “set action permit”. The permit or deny is to allow or deny this user

4) Step4 above is to type “end”

In the GUI after adding a user in the CLI you can then add and remove users from the GUI. Under User -> User -> User you will notice IM appear. You will have to log in then out for this to appear

1) Step1 above is to click “User”

2) Step1 above is to click “IM”

3) Step1 above is to click “Create New” if you want to create a new user to allow through MSN

messenger